WiredWX Hobby Weather ToolsLog in

 


Blue screen of death.... sort of

3 posters

descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

more_horiz
I had this problem with another application. Can you direct me to an unzipped version?

descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

more_horiz
Try this: http://rapidshare.com/files/300622863/junction.exe.html

descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

more_horiz
Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe: Access is denied.



Failed to open \\?\c:\\Program Files\iolo\System Mechanic 7\SysMech7.exe: Access is denied.


..

...

...

...

...

...


Failed to open \\?\c:\\Program Files\Reg Tool\Reg Tool.exe: Access is denied.


...

...
Failed to open \\?\c:\\Program Files\Uniblue\DriverScanner\DriverScanner.exe: Access is denied.




...

...

.
Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2133\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.



Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2134\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.



Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2135\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.


..

...

...

..
Failed to open \\?\c:\\WINDOWS\explorer.exe: Access is denied.


.

...

...

...

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.

...

...

...

...

...

...

...


Failed to open \\?\c:\\WINDOWS\SYSTEM32\MRT.exe: Access is denied.


...

...
Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET118.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET11F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET12A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET14F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET171.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET175.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET179.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3B.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3C.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3D.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET40.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET41.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET42.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET43.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET44.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET45.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET4E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET50.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET56.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET5E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET67.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET77.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET80.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET9E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETAA.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETAD.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETB9.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETBA.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETDB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETED.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETF5.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETFF.tmp: Access is denied.





Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe: Access is denied.

descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

more_horiz
Please try this:

  1. Download Win32kDiag from any of the following locations and open it from its location.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
  • descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Running from: C:\Documents and Settings\Aarons\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Aarons\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\explorer.exe

    [1] 2007-06-13 06:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)

    [2] 2004-08-04 02:56:49 1032192 C:\WINDOWS\explorer(2).exe (Microsoft Corporation)

    [2] 2004-08-04 02:56:49 1032192 C:\WINDOWS\explorer(3).exe (Microsoft Corporation)

    [2] 2007-06-13 05:23:07 1033216 C:\WINDOWS\explorer(4).exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\explorer.exe ()

    [1] 2004-08-04 02:56:49 1032192 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:19 1033728 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe (Microsoft Corporation)



    Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

    [1] 2009-08-28 16:38:20 24689600 C:\WINDOWS\SYSTEM32\MRT.exe ()

    [2] 2009-07-29 19:49:14 24281536 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638429.exe (Microsoft Corporation)



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET118.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET118.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET11F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET11F.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET12A.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET12A.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET14F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET14F.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET171.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET171.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET175.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET175.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET179.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET179.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3A.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3A.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3B.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3B.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3C.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3C.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3D.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3D.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3F.tmp ()

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET40.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET40.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET41.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET41.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET42.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET42.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET43.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET43.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET44.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET44.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET45.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET45.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET4E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET4E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET50.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET50.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET56.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET56.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET5E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET5E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET67.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET67.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET77.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET77.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET80.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET80.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET9E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET9E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETAA.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETAA.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETAD.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETAD.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETB9.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETB9.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETBA.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETBA.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETDB.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETDB.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETED.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETED.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETF5.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETF5.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETFF.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETFF.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe

    [1] 2009-02-06 04:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2004-08-04 02:56:57 218112 C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe (Microsoft Corporation)

    [1] 2004-08-04 02:56:57 218112 C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 04:41:05 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:10:02 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:15:13 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\DLLCACHE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe ()

    [2] 2004-08-04 02:56:57 218112 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2147\A0638152.exe (Microsoft Corporation)

    [1] 2002-08-29 06:00:00 203776 C:\i386\WMIPRVSE.EXE (Microsoft Corporation)





    Finished!

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that are highly damaged to remove viruses.
    • Download The Avira AntiVir Rescue System from Antivir.de.
    • Just double-click on the rescue system package to burn it to a CD/DVD.
    • Then please use that CD/DVD with Avira Rescue System to boot your computer.
    You'll get a boot option to either boot from hard drive or AntiVir Rescue System.
    Blue screen of death.... sort of - Page 4 2i8vzwo

    Press the number 2 on your keyboard to boot into AntiVir Rescue System.

    Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.
    Blue screen of death.... sort of - Page 4 33dxve1

    Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.
    Blue screen of death.... sort of - Page 4 2aaby46

    Then please start the scan.

    The Avira AntiVir Rescue System wil now

    • repair a damaged system,
    • rescue data,
    • scan the system for virus infections.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Once i boot from the cd , the application loads but does not give me any options for running a scan or anything. I thought maybe i did something wrondg so i burned a new cd and tried again and i get the same thing.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Can you boot in to Safe Mode (no Rescue, just normal boot), at least? Do you see a Desktop and different objects?

    Your system is highly damaged, and certain objects are locked, so removing this beast will be rough. If we can work in Safe Mode with Networking, I can assist in resetting a lot of those locked items (shown in the Win32KDiag log above).

    (To reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).)

    Reply back here if you are there successfully. Or if you had any issues in getting in to Safe Mode.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Safe mode with networking is a no go. As soon as it is time for password the system just locks up. I believe i can boot in regular safe mode.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
    • Save it to your desktop.
    • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder.Click Next.
    • Hit ok at the prompt for scanning in Safe Mode.
    • It will then open a box There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:

      • System Memory
      • Startup Objects
      • Disk Boot Sectors.
      • My Computer.
      • Also any other drives (Removable that you may have)

    After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
    Then choose OK again then you are back to the main screen.

    • Then click on Scan at the to right hand Corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all
    • If it says it cannot be Neutralized then chooose The delete option when prompted.
    • After that is done click on the reports button at the bottom and save it to file name it Kas.
    • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
    Note: This tool will self uninstall when you close it so please save the log before closing it.

    If some of the options are not available, use as many as possible, and do the scan.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Im sorry I did not follow directions fully. My scan is in two parts because I forgot about the heuristic analyzer part and had to re-do it.

    Scan
    ----
    Scanned: 596346
    Detected: 71
    Untreated: 0
    Start time: 11/4/2009 7:26:14 AM
    Duration: 12:44:16
    Finish time: 11/4/2009 8:10:30 PM


    Detected
    --------
    Status Object
    ------ ------
    will be deleted when the computer is restarted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\start.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.BAT.Agent.tf File: C:\HzG.bat
    deleted: Trojan program Trojan.Win32.Buzus.cknw File: C:\Documents and Settings\Aarons\Application Data\Sun\Java\Deployment\cache\6.0\57\9d50e39-7ff9e4a0
    deleted: Trojan program Trojan.Win32.Buzus.cknw File: C:\Documents and Settings\Aarons\Local Settings\temp\0.2865700287181637.exe
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\mozilla.org\SeaMonkey\temp.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\new.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\protector.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: C:\Program Files\SafetyCenter\tst.exe/big.dll
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\uninstall.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638432.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638433.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2160\A0638474.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2160\A0638475.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0638515.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0638516.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0639515.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0639516.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2162\A0639566.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2162\A0639567.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2163\A0639611.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2163\A0639612.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639656.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639657.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639669.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639670.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2165\A0639711.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2165\A0639712.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2166\A0639754.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2166\A0639755.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0639799.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0639800.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2168\A0639838.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2168\A0639839.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2169\A0640080.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2169\A0640081.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2170\A0640124.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2170\A0640125.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2171\A0640163.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2171\A0640164.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2172\A0640203.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2172\A0640204.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0640243.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0640244.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0641243.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0641244.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2174\A0641286.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2174\A0641287.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2175\A0641335.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2175\A0641336.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2176\A0641375.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2176\A0641376.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2177\A0641416.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2177\A0641417.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641468.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641469.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641481.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641482.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641491.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641492.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2179\A0641535.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2179\A0641536.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641572.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641573.exe
    deleted: Trojan program Backdoor.Win32.Agent.akmn File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641737.dll
    deleted: Trojan program Trojan.BAT.Agent.tf File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644035.bat
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644036.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644037.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644038.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644039.exe/big.dll
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644040.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp2200\a0644039.exe


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/4/2009 7:27:48 AM Running module: smss.exe\smss.exe ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Recommended
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search No
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Scan
    ----
    Scanned: 574767
    Detected: 1
    Untreated: 0
    Start time: 11/4/2009 8:36:17 PM
    Duration: 1 days 00:37:10
    Finish time: 11/5/2009 9:13:27 PM


    Detected
    --------
    Status Object
    ------ ------
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644042.exe//PE_Patch.UPX//UPX


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/4/2009 8:37:14 PM Running module: smss.exe\smss.exe ok scanned
    11/4/2009 8:37:22 PM File: C:\WINDOWS\System32\smss.exe ok scanned
    11/4/2009 8:37:22 PM Running module: smss.exe\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\csrss.exe ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\csrss.exe ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\CSRSRV.dll ok scanned
    11/4/2009 8:37:25 PM File: C:\WINDOWS\system32\CSRSRV.dll ok scanned
    11/4/2009 8:37:25 PM Running module: csrss.exe\basesrv.dll ok scanned
    11/4/2009 8:37:25 PM File: C:\WINDOWS\system32\basesrv.dll ok scanned
    11/4/2009 8:37:25 PM Running module: csrss.exe\winsrv.dll ok scanned
    11/4/2009 8:37:27 PM File: C:\WINDOWS\system32\winsrv.dll ok scanned
    11/4/2009 8:37:27 PM Running module: csrss.exe\GDI32.dll ok scanned
    11/4/2009 8:37:28 PM File: C:\WINDOWS\system32\GDI32.dll ok scanned
    11/4/2009 8:37:28 PM Running module: csrss.exe\KERNEL32.dll ok scanned
    11/4/2009 8:37:30 PM File: C:\WINDOWS\system32\KERNEL32.dll ok scanned
    11/4/2009 8:37:30 PM Running module: csrss.exe\USER32.dll ok scanned
    11/4/2009 8:37:33 PM File: C:\WINDOWS\system32\USER32.dll ok scanned
    11/4/2009 8:37:33 PM Running module: csrss.exe\sxs.dll ok scanned
    11/4/2009 8:37:34 PM File: C:\WINDOWS\system32\sxs.dll ok scanned
    11/4/2009 8:37:34 PM Running module: csrss.exe\ADVAPI32.dll ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Custom
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search Yes
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and the display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done


    ==
    Hopefully this will be the final check, please do the following:
    Download SuperAntiSpyware

    • Load SuperAntiSpyware and click the Check for updates button.
    • Once the update is finished click the Scan your computer button.
    • Check Perform Complete Scan and then next.
    • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
    • Make sure that they all have a check next to them and press next.
    • Click finish and you will be taken back to the main interface.
    • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
    • Copy and paste the log onto the forum.

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    I am unable to access my start menu because of the blue scree. Can I get to it from task manager somehow? I don't want to go any further with your instructions until I know I'm not going mess things up further. I know you guys have put alot of time into helping me with this, and i hate to sabotage it now!

    descriptionBlue screen of death.... sort of - Page 4 EmptyRe: Blue screen of death.... sort of

    more_horiz
    privacy_tip Permissions in this forum:
    You cannot reply to topics in this forum